On Mon, Jul 11, 2022 at 11:31:32PM -0700, Noah Misch wrote:
> On Mon, Jul 11, 2022 at 12:39:57PM -0400, Bruce Momjian wrote:
> > I had trouble reading the sentences in the order you used so I
> > restructured it:
> >
> > The new default is one of the secure schema usage patterns that <xref
> > linkend="ddl-schemas-patterns"/> has recommended since the security
> > release for CVE-2018-1058. The change applies to newly-created
> > databases in existing clusters and for new clusters. Upgrading a
> > cluster or restoring a database dump will preserve existing permissions.
>
> I agree with the sentence order change.
Great.
> > For existing databases, especially those having multiple users, consider
> > issuing <literal>REVOKE</literal> to adopt this new default. For new
> > databases having zero need to defend against insider threats, granting
> > <literal>USAGE</literal> permission on their <literal>public</literal>
> > schemas will yield the behavior of prior releases.
>
> s/USAGE/CREATE/ in the last sentence. Looks good with that change.
Ah, yes, of course.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson